summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorDavid S. Miller <davem@sunset.davemloft.net>2007-06-01 00:19:20 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2007-06-04 03:08:42 +0200
commit278a3de5abc7901805689a66340b5af9882b4f9a (patch)
treec18ffd5992fb38e3a6322b220fb56a1da6e5aa77 /drivers
parent[TG3]: Fix link problem on Dell's onboard 5906. (diff)
downloadlinux-278a3de5abc7901805689a66340b5af9882b4f9a.tar.xz
linux-278a3de5abc7901805689a66340b5af9882b4f9a.zip
[AF_UNIX]: Fix datagram connect race causing an OOPS.
Based upon an excellent bug report and initial patch by Frederik Deweerdt. The UNIX datagram connect code blindly dereferences other->sk_socket via the call down to the security_unix_may_send() function. Without locking 'other' that pointer can go NULL via unix_release_sock() which does sock_orphan() which also marks the socket SOCK_DEAD. So we have to lock both 'sk' and 'other' yet avoid all kinds of potential deadlocks (connect to self is OK for datagram sockets and it is possible for two datagram sockets to perform a simultaneous connect to each other). So what we do is have a "double lock" function similar to how we handle this situation in other areas of the kernel. We take the lock of the socket pointer with the smallest address first in order to avoid ABBA style deadlocks. Once we have them both locked, we check to see if SOCK_DEAD is set for 'other' and if so, drop everything and retry the lookup. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
0 files changed, 0 insertions, 0 deletions